From d98bbf6586ca6100be896bb0f4db6ae0c4b859b3 Mon Sep 17 00:00:00 2001
From: simonbrandhof <simon.brandhof@gmail.com>
Date: Mon, 16 May 2011 23:38:43 +0200
Subject: [PATCH] Fix security issue

---
 .../main/webapp/WEB-INF/app/controllers/settings_controller.rb  | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/settings_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/settings_controller.rb
index e7f95603788..854c5f746db 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/settings_controller.rb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/settings_controller.rb
@@ -32,6 +32,8 @@ class SettingsController < ApplicationController
       project=Project.by_key(params[:resource_id])
       return access_denied unless is_admin?(project)
       resource_id=project.id
+    else
+      return access_denied unless is_admin?
     end
 
     plugins = java_facade.getPluginsMetadata()
-- 
2.39.5